source: tools/traceanon/traceanon.1 @ 82facc5

4.0.1-hotfixescachetimestampsdevelopdpdk-ndagetsilivegetfragoffhelplibtrace4ndag_formatpfringrc-4.0.1rc-4.0.2rc-4.0.3rc-4.0.4ringdecrementfixringperformanceringtimestampfixes
Last change on this file since 82facc5 was d6dc0f6, checked in by Shane Alcock <salcock@…>, 10 years ago
  • Updated traceends and tracetopends manpages to be about them instead of tracesplit
  • Updated all other manpages to include new tools in their "See also" lists
  • Changed -a argument for traceends to -A to be consistent with tracetopends
  • Property mode set to 100644
File size: 2.9 KB
Line 
1.TH TRACEANON "1" "October 2005" "traceanon (libtrace)" "User Commands"
2.SH NAME
3traceanon \- anonymise ip addresses of traces
4.SH SYNOPSIS
5.B traceanon
6[ \-s | \-\^\-encrypt-source ]
7[ \-d | \-\^\-encrypt-dest ]
8[ \-p prefix | \-\^\-prefix=prefix ]
9[ \-c key | \-\^\-cryptopan=key ]
10[ \-f key-file | \-\^\-keyfile=file ]
11[ \-z level | \-\^\-compress-level=level ]
12[ \-Z method | \-\^\-compress-type=method ]
13sourceuri
14desturi
15.SH DESCRPTION
16traceanon anonymises a trace by replacing IP addresses found in the IP header,
17and any embedded packets inside an ICMP packet.  It also fixes the checksums
18inside TCP and UDP headers.
19
20Two anonymisation schemes are supported, the first replaces a prefix with
21another prefix.  This can be used for instance to replace a /16 with the
22equivilent prefix from RFC1918.  The other scheme is cryptopan which is a
23prefix preserving encryption scheme based on AES.
24.TP
25.PD 0
26.BI \-s
27.TP
28.PD
29.BI \-\^\-encrypt-source
30encrypt only source ip addresses.
31
32.TP
33.PD 0
34.BI \-d
35.TP
36.PD
37.BI \-\^\-encrypt-dest
38encrypt only destination ip addresses.
39
40.TP
41.PD 0
42.BI \-p
43.TP
44.PD
45.BI \-\^\-prefix=prefix
46substitute the high bits of the IP addresses with the provided prefix.
47
48.TP
49.PD 0
50.BI \-c
51.TP
52.PD
53.BI \-\^\-cryptopan=key
54encrypt the IP addresses using the prefix-preserving cryptopan method using
55the key "key".  The key can be up to 32 bytes long, and will be padded with
56NULL characters.
57
58
59.TP
60.PD 0
61.BI \-f
62.TP
63.PD
64.BI \-\^\-keyfile=file
65encrypt the IP addresses using the prefix-preserving cryptopan method using
66the key specified in the file "file".  The key must be 32 bytes
67long. A suitable method of generating a key is by using the command dd to read
68from /dev/urandom.
69
70
71.TP
72.PD 0
73.BI \-z
74.TP
75.PD
76.BI \-\^\-compress-level=level
77compress the output trace using a compression level of "level". Compression
78level can range from 0 (no compression) through to 9. Higher compression levels
79require more CPU to compress data. Defaults to no compression.
80
81.TP
82.PD 0
83.BI \-Z
84.TP
85.PD
86.BI \-\^\-compress-type=method
87compress the output trace using the compression algorithm "method". Possible
88algorithms are "gzip", "bzip2", "lzo" and "none". Default is "none".
89
90.SH EXAMPLES
91.nf
92traceanon \-\^\-cryptopan="fish go moo, oh yes they do" \\
93        \-\^\-encrypt-source \\
94        \-\^\-encrypt-dest \\
95        \-\^\-compress-level=1 \\
96        \-\^\-compress-type=gzip \\
97        erf:/traces/unenc.gz \\
98        erf:/traces/enc.gz \\
99.fi
100
101.SH BUGS
102This software should support encrypting based on the direction/interface flag.
103
104IP addresses inside ARP's are not encrypted.
105
106.SH LINKS
107More details about traceanon (and libtrace) can be found at
108http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation
109
110.SH SEE ALSO
111libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracestats(1),
112tracesummary(1), tracertstats(1), tracesplit(1), tracesplit_dir(1),
113tracereport(1), tracepktdump(1), tracediff(1), tracereplay(1),
114traceends(1), tracetopends(1)
115
116.SH AUTHORS
117Perry Lorier <perry@cs.waikato.ac.nz>
Note: See TracBrowser for help on using the repository browser.